[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] Only parse 'CPU XML' in virCPUDefParseXML()



I received a report of user crashing libvirtd with

  virsh capabilities > capabilities.xml
  virsh cpu-compare capabilities.xml


Breakpoint 1, x86ModelFind (map=0x6fb6f0, name=0x0) at cpu/cpu_x86.c:501
501         model = map->models;
(gdb) bt
#0  x86ModelFind (map=0x6fb6f0, name=0x0) at cpu/cpu_x86.c:501
#1  0x00007ffff70d0832 in x86ModelFromCPU (cpu=0x712070, map=0x6fb6f0,
policy=1) at cpu/cpu_x86.c:541
#2  0x00007ffff70d12e9 in x86Compute (host=0x6ea610, cpu=0x712070,
guest=0x0) at cpu/cpu_x86.c:822
#3  0x00007ffff70d1750 in x86Compare (host=0x6ea610, cpu=0x712070) at
cpu/cpu_x86.c:927
#4  0x00007ffff70cf0c9 in cpuCompare (conn=0x6f69a0, host=0x6ea610,
cpu=0x712070) at cpu/cpu.c:118
#5  0x00007ffff70ceff4 in cpuCompareXML (conn=0x6f69a0, host=0x6ea610,
    xml=0x6fa3e0 "<capabilities>\n\n  <host>\n    <cpu>\n     
<arch>x86_64</arch>\n      <features>\n        <pae/>\n     
</features>\n    </cpu>\n    <migration_features>\n      <live/>\n     
<uri_transports>\n        <uri_tra"...) at cpu/cpu.c:90
..
(gdb) n
503             if (STREQ(model->name, name))
(gdb)

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff4ff4960 in strcmp () from /lib64/libc.so.6

name, passed to x86ModelFind(), is NULL because virCPUDefParseXML()
failed to parse anything meaningful from the "malformed" CPU XML.

I waffled for quite a while on how to fix this and in the end decided to
ensure the CPU XML passed to virCPUDefParseXML() does in fact contain an
element named 'cpu'.  AFAICT, all consumers of virCPUDefParseXML() pass
an xmlNodePtr rooted at 'cpu' element.

NB: I will be offline until Monday so if this patch is satisfactory
please include it for 0.7.8/0.8.0 release :-).  Otherwise I'll respin
with suggested changes next week.

Thanks!
Jim
commit 93d68602a9701dc6f6b4f4b20eaac7159c8d3be7
Author: Jim Fehlig <jfehlig novell com>
Date:   Wed Mar 31 17:02:57 2010 -0600

    Only parse 'CPU XML' in virCPUDefParseXML()
    
    Received report of user crashing libvirtd with
    
    virsh capabilities > capabilities.xml
    virsh cpu-compare capabilities.xml
    
    While user has been informed about proper usage of cpu-compare,
    segfaulting libvirt should be avoided.
    
    Do not parse CPU definition in virCPUDefParseXML() if XML is not
    a 'cpu' node.

diff --git a/src/conf/cpu_conf.c b/src/conf/cpu_conf.c
index cf91930..c51ac4e 100644
--- a/src/conf/cpu_conf.c
+++ b/src/conf/cpu_conf.c
@@ -115,6 +115,13 @@ virCPUDefParseXML(const xmlNodePtr node,
     int n;
     unsigned int i;
 
+    if (!xmlStrEqual(node->name, BAD_CAST "cpu")) {
+        virCPUReportError(VIR_ERR_INTERNAL_ERROR,
+                          "%s",
+                          _("XML does not contain expected 'cpu' element"));
+        return NULL;
+    }
+
     if (VIR_ALLOC(def) < 0) {
         virReportOOMError();
         return NULL;

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]